Financial Services, Information Security, Personal data and Security

Toyota Financial Services discloses a data breach

Security Affairs

DECEMBER 11, 2023

Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data.

Financial Services

Financial Services Data breaches Ransomware Insurance

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights. Rising data privacy regulations underscores the need for such a capability, Boyle told me.

Privacy

Privacy Data Privacy GDPR Personal data

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Artificial Intelligence

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

That decision of adequacy provides in substance that there is an adequate level of protection—comparable to that in the EU—for personal data transferred from the EU to US companies that are participating in the DPF. However, European organizations need to dive with eyes wide open when transferring personal data to the US under the DPF.

Data Privacy

Data Privacy Personal data Privacy Cloud

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Like an incident response plan, MFA has become a critical element of cybersecurity programs.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national level, the security of crucial data was not ensured.

Personal data

Personal data Phishing Risk Financial Services

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Hunton Privacy

DECEMBER 19, 2022

The statement explains that “[t]here are over 5,000 UK companies operating in the UAE, many of which depend on the free and secure flow of safe data across borders.” The DIFC has already recognized the UK’s strong data protections and the UK is now in the advanced stages of its technical data protection assessment of the DIFC.

Government

Government Financial Services Personal data Security

Singapore Parliament Passes Personal Data Protection Act

Hunton Privacy

OCTOBER 17, 2012

On October 15, 2012, the Singapore Parliament passed the Personal Data Protection Act 2012. The new law will apply only to data processing in the private sector as data processing by public agencies (or organizations acting on behalf of public agencies) are already subject to internal government rules.

Personal data

Personal data Financial Services Data Privacy Data breaches

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. The settlement requires EyeMed to pay $4.5 million, among other things. Background. million. 23 NYCRR § 500.13.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

In total, information for approximately 2.1 The latter is the 2019 data security law known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. When you enter personal information on our Site, we encrypt transmissions involving such information using secure protocols.”

Passwords

Passwords Financial Services Authentication Insurance

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Researchers uncovered an ongoing campaign delivering the Qbot malware to steal credentials from customers of dozens of US financial institutions. Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Pierluigi Paganini.

Phishing

Phishing Financial Services Personal data Security

Popular apps left biometric data, IDs of millions of users in danger

Security Affairs

JANUARY 27, 2022

Personal data belonging to millions of customers of large businesses have been exposed due to a flaw in Onfido IDV. Millions of customers of large businesses have been left vulnerable to identity theft, thanks to a security flaw that exposes their personal data to illicit download. Verification process.

Personal data

Personal data Phishing Data breaches Passwords

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. In the U.S.,

Privacy

Privacy Compliance Personal data Risk

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

Security in the finance sector: Whose role is it anyway? Thomson Reuters was recently quoted as saying, “Increased regulation isn’t just a temporary challenge for global financial institutions—it’s the new reality.”. Finance service providers. Real-time payments demand the highest standards of service availability.

IT

IT Security Digital transformation Compliance

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Instead the PIPL is a robust data privacy framework designed to safeguard individuals’ personal data against abuse, but at the same time to reflect cultural and business attitudes to data in China, as well as new technologies (including advances in AI, biometrics and data analytics), and to enable flows of personal data.

Data Privacy

Data Privacy Privacy Compliance Analytics

Indonesia Publishes Proposed Data Protection Rule

Hunton Privacy

JULY 17, 2015

On July 14, 2015, pursuant to an implementation requirement of Government Regulation 82 of 2012, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems (“Proposed Regulation”). 82 of 2012.

Personal data

Personal data Archiving Financial Services Communications

What is credential stuffing? And how to prevent it?

Security Affairs

MARCH 29, 2022

Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, data breaches and API usage all contribute to the perfect conditions for successful credential stuffing attacks. appeared first on Security Affairs. Provide unpredictable usernames.

IT

IT Passwords Authentication Data Privacy

HSBC Fined £3 Million ($5 Million) for Data Security Failings in UK

Hunton Privacy

JULY 22, 2009

The UK Financial Services Authority (FSA) has announced today fines for three HSBC entities totaling £3 million for failing to have adequate systems and controls in place to protect their customers’ confidential data. The incident will reignite debate as to whether the UK should have a mandatory data breach law.

Security

Security Insurance Data breaches Personal data

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. The insurance industry has not been immune from such scrutiny, and the imposition of business practice requirements intended to enhance cybersecurity sector-wide.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. In the U.S.,

Privacy

Privacy Compliance Personal data Risk

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

The impetuses for the survey were the many significant changes the GDPR will bring to companies’ management and processing of personal data, their privacy compliance programs and their IT systems and infrastructure. The GDPR replaces Directive 95/46/EC and will become applicable in May 2018.

GDPR

GDPR Data Privacy Compliance Privacy

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

AUGUST 2, 2019

with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. According to the FTC’s press release, the data breach included “names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.”

Cloud

Cloud Data breaches Encryption Access

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Glosbe dictionary exposes almost 7 million records The multilingual online dictionary Glosbe left a MongoDB instance unsecured last year, exposing nearly 7 million users’ information, including personal data, encrypted passwords and social media identifiers. Glosbe did not reply, but the open instance was soon closed.

Data Privacy

Data Privacy Privacy Security Data breaches

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

The May 25, 2018 effective date for the EU’s General Data Protection Regulation (GDPR) will no doubt be a central focus of 2018. Europe’s omnibus new framework for data protection law applies to (almost) all entities that collect and process EU personal data regardless of where the data are processed.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

Related: Applying ‘zero trust’ to managed security services. Fortunately, the identity management space has attracted and inspired some of the best and brightest tech security innovators and entrepreneurs. Efforts to balance security and productivity sometimes backfired. It’s not for lack of trying.

Access

Access Government Authentication Data breaches

Mexico Issues Cookie and Web Beacon Rules and Privacy Notice Requirements

Hunton Privacy

FEBRUARY 12, 2013

The Guidelines introduce heightened notice and opt-out requirements for the use of cookies, web beacons and similar technology, and they impose extensive requirements on the content and delivery of privacy notices generally (with respect to all personal data, not just data collected via cookies and other automated means).

Privacy

Privacy Personal data Data collection Financial Services

India’s Digital Future Is Bright

Thales Cloud Protection & Licensing

DECEMBER 23, 2019

According to the 2019 Thales Data Threat Report-India Edition , digital transformation is well underway in India, with 41% of Indian respondents saying they are either aggressively disrupting the markets they participate in or embedding digital capabilities that enable greater organizational agility. Complexity is a Barrier to Data Security.

Digital transformation

Digital transformation Cloud Encryption Data Privacy

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Data breached: 4,186,879,104 messages. Keyboard app vulnerabilities reveal keystrokes to network eavesdroppers Security researchers have identified critical security vulnerabilities in Cloud-based pinyin keyboard apps from Baidu, Inc., Honor, Huawei, iFlytek, OPPO, Samsung Electronics, Tencent, Vivo and Xiaomi Technology.

Data Privacy

Data Privacy Privacy Manufacturing Security

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

Data Matters

DECEMBER 7, 2017

The Report, titled A Financial System That Creates Economic Opportunities: Asset Management and Insurance , identifies laws and regulations that are inconsistent with the Trump Administration’s Core Principles for financial regulation as set forth in Executive Order 13772 (Feb. 3, 2017), and makes recommendations to ensure alignment.

Insurance

Insurance Data breaches Security Cybersecurity

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

AIIM

JANUARY 10, 2019

One of the most notable blockchain skeptics – David Gerard –argues that if “you were silly enough to put personal data into an append-only ledger which is a proof-of-work blockchain — that’d be flat-out insane.”. While pseudonymization falls within GDPR protection as such data may be re-identified (i.e.

Blockchain

Blockchain GDPR Privacy Personal data

Information Management Today

Toyota Financial Services discloses a data breach

Security Compliance & Data Privacy Regulations

Trending Sources

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Navigating the EU-US Data Protection Framework

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Multinational ICICI Bank leaks passports and credit card numbers

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Singapore Parliament Passes Personal Data Protection Act

NYDFS settles with EyeMed for $4.5 million

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

New York SHIELD Act $600,000 settlement

An ongoing Qbot campaign targeted customers of tens of US banks

Popular apps left biometric data, IDs of millions of users in danger

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Security in the finance sector: Whose role is it anyway?

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Indonesia Publishes Proposed Data Protection Rule

What is credential stuffing? And how to prevent it?

HSBC Fined £3 Million ($5 Million) for Data Security Failings in UK

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

CIPL and AvePoint Release Global GDPR Readiness Report

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

Privacy and Cybersecurity Top 10 for 2018

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

Mexico Issues Cookie and Web Beacon Rules and Privacy Notice Requirements

India’s Digital Future Is Bright

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

Stay Connected